Greg6769

  1. Last "hi again" (at least I hope so! hehe) I followed all your advice to the letter, and I have the impression that things are going much better! My computer (and I too, of course) is really mega grateful to you! Thank you for listening and for being available! It is always nice to know that there are people ready to help! To finish, I went and posted my report on the complaints site. Have a very good day, Charles ^^
  2. Here is the first report:
  3. That's it! It worked! Here is the report for you:
  4. Hi again! The Kaspersky scan bugged out... So I have to run it again... (no window for the report) I hope that won't disrupt everything! I will try to post the report (if it is willing to give it) as quickly as possible ^^
  5. Hello! Here I am again for the second report:
  6. Hi again! Ouch! Sorry, I hadn't noticed that I had done it twice! (scatterbrained, I swear!) I looked for the first report... I hope I didn't delete it or something! Here is what I found: (I will do the rest of the procedure tomorrow) Thanks, and good night
  7. Re! I followed all the steps, and here is the report (and thanks again)! ComboFix 08-02.05.3 - Greg 2008-02-06 23:36:16.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.252 [GMT 1:00] Endroit: C:\Documents and Settings\Greg\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))))))) . 2008-02-06 13:49 . 2008-02-06 13:49 <REP> d-------- C:\Program Files\Trend Micro 2008-02-05 22:52 . 2008-02-05 22:52 <REP> d-------- C:\Program Files\Drmupgds 2008-02-05 22:49 . 2008-02-05 22:49 <REP> d-------- C:\WINDOWS\system32\feq9 2008-02-05 22:49 . 2008-02-05 22:49 <REP> d-------- C:\WINDOWS\system32\dp1 2008-02-05 22:49 . 2008-02-05 22:49 224,804 --a------ C:\Temp\sbhKK1910.exe 2008-02-05 22:48 . 2008-02-05 22:48 <REP> d-------- C:\WINDOWS\system32\nGpxx01 2008-02-05 22:48 . 2008-02-05 22:49 <REP> d-------- C:\Temp\isgTi19 2008-02-05 22:48 . 2008-02-06 23:24 <REP> d-------- C:\Temp 2008-02-04 18:38 . 2008-02-04 18:39 <REP> d-------- C:\WINDOWS\system32\Garfield Guide To Cats dir 2008-02-04 18:38 . 2008-02-04 18:38 201,728 --a------ C:\WINDOWS\system32\Garfield Guide To Cats.scr 2008-01-30 21:05 . 2008-01-30 21:06 <REP> d-------- C:\Documents and Settings\Greg\Application Data\XnView . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-06 00:27 --------- d-----w C:\Documents and Settings\Greg\Application Data\Azureus 2008-02-04 16:47 5,886 ----a-w C:\Documents and Settings\Greg\Application Data\wklnhst.dat 2008-01-28 18:53 --------- d-----w C:\Program Files\adslTV 2008-01-15 12:08 --------- d-----w C:\Program Files\Azureus 2008-01-01 22:48 108,336 ----a-w C:\Program Files\mswinsck.ocx 2007-12-25 15:32 --------- d-----w C:\Program Files\Messenger Plus! 
Live 2007-12-23 11:19 57,664 ----a-w C:\Documents and Settings\Greg\Application Data\GDIPFONTCACHEV1.DAT 2007-12-20 13:24 --------- d-----w C:\Documents and Settings\Greg\Application Data\AdobeUM 2007-12-14 15:41 --------- d-----w C:\Documents and Settings\Greg\Application Data\LG Electronics 2007-12-14 15:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-14 15:32 --------- d-----w C:\Program Files\LG PC Suite 2 2007-12-14 15:32 --------- d-----w C:\Program Files\LG Electronics 2007-12-14 15:29 --------- d-----w C:\Documents and Settings\Greg\Application Data\InstallShield 2007-12-09 08:02 --------- d-----w C:\Program Files\eMule 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8D471F3-D784-458E-9BEE-9B823278BB1A}] C:\Program Files\Windows Media Player\holemunC:\WINDOWS\system32\feq9\kiffs83122.exe.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 204800] "Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [2008-02-05 22:52 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] -ra------ 2002-11-20 14:17 87751 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] -ra------ 2003-09-23 23:48 4870144 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] -ra------ 2003-09-23 23:48 323584 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SENS Keyboard V4 Launcher] --a------ 2003-08-19 19:29 49152 C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-10-29 21:10 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] -ra------ 2003-01-02 11:11 577536 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] -ra------ 2003-01-02 11:12 126976 C:\Program 
Files\Synaptics\SynTP\SynTPLpr.exe R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2000-08-23 09:19] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-01 21:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 23:37:10 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-06 23:37:41 ComboFix-quarantined-files.txt 2008-02-06 22:37:25 ComboFix2.txt 2008-02-06 22:33:13 . 2008-01-09 17:35:16 --- E O F ---
  8. Good evening! I've just got back from work, and I just saw that you had continued in your reply. When you say that all applications must be closed, does that mean I have to close all my browser windows, and my antivirus too? Thanks a lot
  9. Re! Thanks for your super fast reply! I did as instructed, and here is the report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:51:43, on 06/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\mrofinu572.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Drmupgds\Drmupgds.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - 
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193697096959 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 5368 bytes
  10. Hello everyone, So here's the thing: since last night I've been infected by this thing: Win32: TratBHO (trj) And I really don't know how to get rid of it. I'm using Avast. It would be really wonderful if someone could give me a hand! Thanks, everyone